Common methods to provide a high availability solution by using TMG 2010

September 22, 2011


The following post describes the common methods to provide a high availability solution by using TMG 2010.

Note: This post doesn’t cover Internet service provider high availability solutions.

 

Option 1: Using TMG 2010 Enterprise and Load Balance Mechanism

Prerequisites:

1. At least two TMG 2010 Enterprise Servers.

Source: About the Forefront TMG Editions

2. The TMG 2010 servers should be set up to use Windows NLB or a hardware load balancer (the load balancer should support IP affinity).

Note1: Without a load balancing mechanism, no automatic failover or load balancing is done. With a load balancing mechanism there is no need to deploy and manage a Windows cluster.

Note2: Some load balancing mechanisms support an Active/Passive mode. In this mode, one server is online, and only after the load balancing mechanism detects an issue with the first server does the Passive server “move” itself to the Active state (e.g. serving users etc.)

Note3: Although you can use the DNS Round Robin feature as a load balancing mechanism, I wouldn’t recommend using it.

3. TMG 2010 Enterprise License/s.

4. Optional: A third server – EMS-managed server for supporting Enterprise Array.

For further information please review: About enterprise storage 

Advantages:

1. All the Array members share the same configuration (e.g. Firewall Policy, Publishing rules etc.)

Note: EMS-managed – provides additional management capabilities, such as the option to create a single policy and deploy it on multiple TMG Arrays etc.

2. Support for Intra-array communication – enables communication between array members on a dedicated network only.

Source: Enabling intra-array communication

3. Easy backup/restore settings for the Array (Standalone/Enterprise).

4. Supporting: Caching in Forefront TMG arrays

“In arrays, Forefront TMG uses Cache Array Routing Protocol (CARP) to provide a single, logical cache, for all the servers in the array. CARP allows Forefront TMG array members to efficiently balance Web-based client load, and split cached content between them. On the client side, CARP provides client computers with the information and algorithms required to identify which is the best server in the array to serve their request, thus eliminating the need for array members to forward requests between the array members. CARP also supports array server selection by the servers themselves and chained proxies.”

Source: Planning to cache Web content

Disadvantages:

1. Cost.

2. Additional knowledge may be needed for deployment and troubleshooting.

Note: “NLB’s maximum total bandwidth was found to be about 500 Mbps”.

Source: Forefront TMG 2010 hardware recommendations

3. No connection state synchronization is done by the Array members.

 

Option 2: Using TMG 2010 Standard and Load Balance Mechanism

Prerequisites:

1. At least two TMG 2010 Servers.

2. The TMG 2010 servers should be set up to use Windows NLB or a hardware load balancer (the load balancer should support IP affinity).

Note1: Without a load balancing mechanism, no automatic failover or load balancing is done. With a load balancing mechanism there is no need to deploy and manage a Windows cluster.

Note2: Some load balancing mechanisms support an Active/Passive mode. In this mode, one server is online, and only after the load balancing mechanism detects an issue with the first server does the Passive server “move” itself to the Active state (e.g. serving users etc.)

Note3: Although you can use the DNS Round Robin feature as a load balancing mechanism, I wouldn’t recommend using it.

Advantages:

1. Low cost.

2. Higher bandwidth support than solution “Option 3”.

Disadvantages:

1. Additional management resources would be required (e.g. a change to the Firewall rules on one TMG 2010 server isn’t copied automatically to the other TMG 2010 server. For this, a manual change and/or a script for configuration synchronization may need to be implemented).

2. No support for Cache Array Routing Protocol (CARP).

3. Additional management resources may be needed for troubleshooting issues.

Note: “NLB’s maximum total bandwidth was found to be about 500 Mbps”

Source: Forefront TMG 2010 hardware recommendations

4. No connection state synchronization is done by the Array members.

 

Option 3: Using TMG 2010 Standard and Failover Mechanism

Prerequisites:

1. At least two TMG 2010 Servers.

2. To provide a failover mechanism, you can use one of the following techniques:

2.1 Using a DNS “A record” for the proxy FQDN (e.g. Proxy.MyDomainName.local) that points to the IP address of one of the TMG servers. In case of a problem, manually changing the IP address in the A record provides the failover.

Note: It’s recommended to change the cache time of the A record in the DNS server to 1-3 minutes.

2.2 Using a hardware load balancer or NLB (only one server should be active at the same time).

Note: Only a single server should be active at any one time.

2.3 Changing the proxy name/IP by using GPO.

2.4 Using Forefront TMG 2010 with the WPAD server mechanism (Auto Proxy Discovery).

Note: Mr. Raihan Al-Beruni wrote a nice article on this option: How to configure Forefront TMG 2010 as WPAD server (Auto Proxy Discovery)—Step by Step

2.5 Using a configuration file. This file contains the proxy settings, and the client’s browser can query it. Updating the file content allows the clients to use several proxy servers and/or a new proxy server.
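
A sketch of the configuration file from 2.5 written as a proxy auto-configuration (PAC) script, the JavaScript format browsers query for proxy settings. This is an added example, not part of the original post; the host names tmg1/tmg2.mydomainname.local, the internal suffix and port 8080 are assumptions to replace with your own values.

```javascript
// Added example PAC file; host names, suffix and port are assumed values.
var PROXIES = [
  "PROXY tmg1.mydomainname.local:8080",
  "PROXY tmg2.mydomainname.local:8080"
];
var INTERNAL_SUFFIX = ".mydomainname.local";

// Deterministic 32-bit string hash: a given host always prefers the same
// TMG server, which spreads load without any shared state between servers.
function hostHash(host) {
  var h = 0;
  for (var i = 0; i < host.length; i++) {
    h = (h * 31 + host.charCodeAt(i)) >>> 0;
  }
  return h;
}

function endsWith(s, suffix) {
  return s.length >= suffix.length &&
         s.substring(s.length - suffix.length) === suffix;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names and internal hosts do not go through the proxy.
  if (host.indexOf(".") === -1 || endsWith(host, INTERNAL_SUFFIX)) {
    return "DIRECT";
  }
  // Preferred server first, then the remaining ones as failover targets.
  var first = hostHash(host) % PROXIES.length;
  var ordered = [];
  for (var i = 0; i < PROXIES.length; i++) {
    ordered.push(PROXIES[(first + i) % PROXIES.length]);
  }
  // No trailing "DIRECT": if every proxy is down the request fails instead
  // of silently bypassing TMG filtering and logging.
  return ordered.join("; ");
}
```

The browser tries the entries in the returned list from left to right, so the second server is used only when the first does not respond.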

Advantages:

1. Low cost.

Disadvantages:

1. No support for Cache Array Routing Protocol (CARP).

2. Without a proper failover mechanism, manual changes may be required on “D Day”.

3. No connection state synchronization is done by the TMG 2010 servers.

4. Low bandwidth support (compared to Options 1 and 2).

 

Appendix 1: How can the client browser find the correct proxy settings in the network?

Microsoft TechNet provides an excellent summary of the methods that can be used for updating the proxy details on the client side.

You may find that some of this topic was covered in my post.

Planning automatic Web proxy detection 

 

Appendix 2: Limitations of TMG 2010 server with a single network adapter

About single network adapter limitations

For further information please review:

Planning for Forefront TMG server high availability and scalability

Troubleshooting NLB


12 comments

  1. Roger, August 29, 2012 at 14:37

    So all of those configurations of TMG have the disadvantage that “No connection state synchronization is be done by the TMG 2010 Servers.” – what is the alternative to this (i.e. if state synchronization is required, how is that achieved with TMG 2010?)

  2. Conner, March 14, 2013 at 06:28

    Fabulous, what a website it is! This webpage provides valuable information to us, keep it up.

  3. Fine, March 14, 2013 at 06:33

    Take a look at your schedule and come up with solutions ahead of time
    for lunches and dinners out, this will give you a game plan to follow.

    You may want to try the buddy system, as lot of people find that this motivates
    them tremendously. Download Rosie’s free report 5 Simple Steps to Fat Loss and start losing weight today.

  4. Serna, March 17, 2013 at 06:16

    I’ve listened to this a dozen or more times and still find it delightful and sooooo original in concept. The effects of what they see, read and hear are having a devastating effect on our society today. You can only visit once a day and there is no guarantee that you will get anything from it but as I always say, free is free.

  5. Ryan, March 21, 2013 at 16:44

    The Butler Report ( is a world news summary website site which, in addition
    to headline news, publishes US and worldwide events not
    covered by mainstream media. The ultimate online
    news source that covers news, travel, money, sports, life, technology and weather.

    They can also update news on their site as and when the event occurs while the newspapers have to
    wait until the next morning.

  6. Rader, March 28, 2013 at 10:32

    While nutraceutical and pharmaceutical content in the baseline
    algae strain is very small, current market values for
    these products are extremely high. It was a scientific breakthrough that provided a huge impetus to the work on ageing, genetics and medicine.
    This means that by the time elementary school-age children reach the workplace, this system will be in place, requiring maintenance and advancements.

  7. Goode, April 20, 2013 at 15:06

    If a wide search is made on the internet, services can be utilized easily that are provided by them.
    Talking of the walking dead, congratulations to Hugh Hefner, who is getting married at age
    84 to 24-year-old beauty Crystal Harris. With this online store
    you need not worry about being fooled because the site
    is accorded security.

  8. Matteson, April 22, 2013 at 08:00

    I visit every day some blogs and blogs to read
    articles or reviews, except this weblog gives quality based posts.

  9. Nowell, April 22, 2013 at 10:37

    1- Number your curse words and call out a number when stress strikes.
    Sometimes we sing some English songs, and I encouraged the
    students practise their English through the way of singing.
    The world will suddenly look a much better
    place to live in.

  10. Robinette, May 4, 2013 at 16:26

    Thus, there are many broad options for getting to know various kinds of news today and that
    too through the use of various mediums. This glass would cost less than $1000 and would
    be available to almost all the people in Britain.

    It the radio was the only one that used to deliver
    the days news and weather updates.

  11. Chen, May 6, 2013 at 11:15

    The ninja of the game is a fruit killer which means that you
    have to make your ninja cut fruits into half before they hit the
    ground. Show off your amazing daredevil stunts without putting yourself in danger.

    If you get stumped on a level you can see your online
    friends’ solutions, including Casey’s three-star solution.

  12. Ochoa, May 21, 2013 at 12:11

    This is a very good tip especially to those fresh
    to the blogosphere. Short but very accurate info… Thank you for sharing this one.

    A must read post!